NAM & ActivClient Issue

I am wondering if anyone has come across the following scenario and if so what was your fix:

In some areas of our environment we run NAM on our Win10 workstations to utilize EAP chaining. The machines use ActivClient as the middleware. We have noticed that sometimes, when users select their PIV (authentication) certificate to use for authentication in an attempt to map their UPN to their AD account, ActivClient & NAM pass the UPN without the extended string. For example, what I mean by that is if my Sub. Alt. Name UPN is 123456789*121005* (121005 being the additional string), NAM passes 123456789 to ISE, and users are not hitting the proper authz policy because ISE does not see/attempt to map their UPN to AD. We have run through a lot of tests and will continue to.

Here are the versions of everything:

ISE 2.4p5 (moving to patch 6 soon)

NAM 4.6.01103

Tested the following versions of ActivClient (7.1.0.153) (7.1.0.213) (7.1.0244)

Re: NAM & ActivClient Issue

Issue has been resolved. Long story short, we tested several versions of ActivClient and implemented the following GPO change: Computer Config -> Admin Templates -> HID Global -> ActivClient -> Smart Card, and ensure that the PIV is used as the primary certificate.
